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AMENDMENTS TO THE CLAIMS 

Kindly amend the claims as follows: 

1 . (Withdrawn) A method comprising: 
receiving network data; 

reassembling a client-server communications session from the network data; and 
detecting, through the network data, leaks of information by analyzing the client-server 
communications session using at least one of (i) statistical and (ii) keyword, -based detection. 

2. (Withdrawn) The method of claim 1, further comprising 

decoding the client-server communications session to detect and inspect one or more 
application protocols, and 

wherein the client- server communications session includes the one or more application 
protocols. 

3. (Withdrawn) Hie method of claim 2, wherein the one or more application protocols 
includes at least one of (i) pdf, (ii) hup, (iii) e-mail, (iv) e-mail attachment, (v) ftp, (vx) zip, (vii) ms 
word, (viii) ms excel, (ix) html, (x) xml, (xi) gzip, (xii) tar and (xrii) plain text. 

4. (Withdrawn) The method of claim 1, wherein the client-server communications 
session includes at least one of (i) TCP, (ii) IP and (iii) ethemet. 

5. (Withdrawn) The method of claim 1, wherein the statistical-based detection includes 
mdti-dimensional content profiling. 

6. (Withdrawn) The method of claim 1, wherein the statistical-based detection includes 
domain-specific high-level features. 

7. (Withdrawn) The method of claim 6, wherein the domain-specific high-level features 
includes at least one of (i) social security numbers, (ii) credit card numbers, (iii) postal addresses and 
(iv) e-mail addresses. 
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8. (Withdrawn) The method of claim 1 , wherein the keyword-based detection includes 
one or more weighted keywoids. . 

9. (Withdrawn) The method of claim 1, wherein the information includes a digital 



asset. 



10. (Withdrawn) The method of claim 1, further including analyzing the network data so 
as to detect any unauthorized encrypted sessioa 

1 1. (Withdrawn) A method comprising: 
receiving network communications; and 

preventing an unauthorized and/or malicious transfer, through the network 
communications, of data by providing at least content reassembly, scanning and recognition to the 
network communications in real time. 

12. (Withdrawn) The method of claim 1 1 , wherein the content scanning and recognition 
includes muiri-dimensional content profiling. 

13. (Withdrawn) The method of claim 1 1, wherein the content scanning and recognition 
is tailored to local data. 

14. (Withdrawn) The method of claim 11, wherein the method is capable of preventing 
the unauthorized and/ or malicious transfer, through the network communications, of data on fully 
saturated Gigabit speeds. 

15. (Currendy Amended) A method comprising: 
receiving network data; aad 

processing the network data at a decoder c hain to create input data for applying at least 
multi-dimensional content profiling; 

preventing, through the network data, leaks of information by at least applying th£ muki- 
dimensional content profilin g; and 

3 

NOVAN3684762.01 



PAGE 5/22 * RCVD AT 4/28/2008 4:27:44 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-6/41 * DNIS:2738300 * CSID: ■ DURATION (mm-ss): 10-04 



04/28/2008 15:31 FAX 



@006 



I 



AppKcationNd: 10/658,777 



Docket No.: 020501. 0802PTUS 



wherein the multi-dimensional content p rofiling comprises: 

lading nng or more profil es , wherein th e one or more profiles each comprise w 

expected set of statistical characteris tics of data: 
continuously receiving the input data from the decoder chain; 
det^n^nin g a probabilistic measure of membership o f the input data relative to the 

one or more profiles: 
com paring the probabilistic measure with a th reshold requirement for each of the 

one or more profiles: and 
generatin g a reactive measure if the pro bab ili stic measure meets the threshold 

requirement ." 

16. (Original) The method of claim 15, wherein the information includes a digital asset 

17. (Original) The method of claim 15, wherein the miilthdimensional content profiling 
takes into account the structure of the inf onnation. 

18. (withdrawn) A machine-readable medium having encoded information, which when 
read and executed by a machine causes a method comprising: 



reassembling a client-server communications session from the network data; and 
detecting, through the network data, leaks of information by analyzing the client-server 
communications session using at least one of (i) statistical and (ii) keyword -based detection. 

19. (withdrawn) A machine-readable medium having encoded information, which when 
read and executed by a machine causes a method comprising: 

receiving network communications; and 

preventing an unauthorized and/or malicious transfer, through the network 

commuixications, of data by providing at least content reassembly, scanning and recognition to the 

network communications in real time. 
» 

20. (Currently Amended) A machine-readable medium having encoded information, 
which when read and executed by a machine causes a method comprising: 
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receiving network data; and 

processing the network data at a. decoder chain to create input data for applying at kast 
midti-dimensional content profiling; 

preventing, through the network data, leaks of information by at least applying multi- 
dimensional content profiling^and 

wherein the multi-dimensional content profiling comprises: 

loading one or more profiles, wherein the one or more profiles each comprise an 

expected set of statistical characteristics of data; 
continuously receiving the input data from the decoder chain; 
^rmi'rifTi g a pmhabilistic measure of mem bership of the input data relative to the 

Qqeormpre profiles; 
comparing the probabili s tic measure with a threshold requirement for each of the 

one or more profiles: and 
generating a reactive me a sure if the probabilistic measure meets the threshold 



21. (Withdrawn) An apparatus comprising: 
a receiver to receive network data; 

a processor, coupled to the receiver, to ® reassemble a client-server communications 
session from the network data and (ii) detect, through the network data, leaks of information by 
analyzing the client-server communications session using at least one of ® statistical and (ii) 
keyword -based detection. 

22. (Withdrawn) An apparatus comprising: 

a receiver to receive network communications; and 

a processor, coupled to the receiver, to prevent an unauthorized and/ or malicious transfer, 
through the network communications, of data by providing at least content reassembly, scanning 
and recognition to the network communications in real time. 

23. (Currently Amended) An apparatus comprising: 
a receiver to receive network data; ead 
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a processor, coupled to the receiver, to prevent, through the network data, leaks of 
information by at least applying muki- dimensional content profiling, wherein the, processor 
processes the network dar a at a ri ftTflri ffr fa ™ m rr **™ " n™* ^ for applW at least the multi- 
dimensional content profiling: 

the multi-dimensional content profilin g comprising: 

In^g Qnff ftr mnrp profiles, wherein the one , pr more profiles each comprise an 

expected set of statistical character istics of data: 
continuously receiving the input data from the decoder chain; 
rWgrminin g a probabilistic measure of membership n f the input data relative to the 

one or more profiles: 
comparing the probabilistic measure with a thre shold requirement for each of the 

one or more profiles: and 
generating a reactive me asure if the probabilistic measure meets the threshold 
requirement 

24. (New) The method of claim 15, wherein processing the network data at the decoder 
chain comprises extracting data by removing one or more layers of content encoding selected from 
the group consisting of common compression, aggregation, file formats, encoding schernas, and 
combinations thereof. 

25. (New) The method of claim 15, further comprising creating the profile by. 
loading positive training sets of documents; 

representing each document from the positive training sets of documents as a point in 
muki- dimensional space; 

separating the individual points in the multi- dimensional space with a set of hyperplanes 
-wherein the set of hyperplanes effectively separate the multi-dimensional space into regions 
representing the positive training sets of documents; and 

converting the set of hyperplanes into the profile. 

26. (New) The method of claim 25, further comprising creating the profile by! 
loading negative training sets of documents; 
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representing each document from the negative training sets of documents as a point in 
multi-dimensional space; 

separating the individual points in the multi-dimensional space with a set of hyperplanes 
wherein the set of hyperplanes effectively separate the multi-dimensional space into regions 
representing the negative training sets of documents; and 

converting the set of hyperplanes into the profile. 



27. (New) The method of claim 15, wherein determining the probabilistic measure 
comprises updating one or more counters in a predetermined order, calculating values of output 
dimensions based on the one or more Counters, and calculating an output score based on the output 
dimensions wherein the output score represents the probabilistic measure. 

28. (New) The method of claim 15, wherein the preventing operates in real-time. 

29. (New) The method of claim 15, further comprising terminating sessions with leaks 
of information before the network data is fully transferred. 

30. (New) The method of claim 15, further comprising preventing, through the network 
data, leaks of information by also applying keyword scanning. 

3 1. (New) The machine-readable medium of claim 20, wherein the profile is created by: 
loading positive training sets of documents; 

representing each document from the positive training sets of documents as a point in 
multi-dimensional space; 

separating the individual points in the multi-dimensional space with a set of hyperplanes 
wherein the set of hyperplanes effectively separate the multi-dimensional space into regions 
representing the positive training sets of documents; and 

converting the set of hyperplanes into the profile. 

32. (New) The machine-readable medium of claim 31, wherein the profile is created by: 
loading negative training sets of documents; 
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representing each document from the negative training sets of documents as a point in 
multi-dimensional space; 

separating the individual points in the multidimensional space with a set of hyperplanes 
wherein the set of hyperplanes effectively separate the multi-dimensional space into regions 
representing the negative training sets of documents; and 

converting the set of hyperplanes into the profile. 

33. (New) The machine-readable medium of claim 20, further comprising receiving the 
network data at a decoder chain prior to implementing the multi-dimensional content profiling, 
wherein the decoder chain extracts data by removing one or more layers of content decoding 
selected from the group consisting of common compression, aggregation, file formats, encoding 
scheraas, and combinations thereof. 

34. (New) The machine-readable medium of claim 20, wherein the multi-dimensional 
content profiling further comprises establishing a connection with an alert module prior to sending 
the reactive measure. 

35. (New) The machine-readable medium of claim 20, wherein the calculating the set of 
output dimensions comprises determining one or more values for each counter and combining the 
one or more values for each counter to create the set of output dimensions. 

36. (New) The apparatus of claim 23, wherein the calculating an output score is 
performed for each of the one or more profiles. 
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